Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Is it coincidence that a Russian security firm keeps finding these clandestine state-sponsored Middle-eastern directed malware? Or are US and European security firms simply instructed to look the other way?/tinfoilhat

In my opinion, Us, European, and Russian security firms should ALL be looking the other way and keeping their mouths shut. Once it's reasonably clear that a piece of malware is an espionage tool directed at our mutual targets of intelligence interest, and that it doesn't pose a general threat to our own information security, they should keep it to themselves. There's nothing patriotic, altruistic, laudable, or beneficial about screwing up legitimate national intelligence projects. This ain't a scandal, c

What about keeping the general population informed about what the world is up to? You know, so that the electorate can make electoral decisions based on actual information rather than fear-mongering? Or is this just an outdated concept, and we should let our politicians just tell us what we should worry about?

Should the details of the latest stealth aircraft technology be publicly disclosed so voters can make informed decisions? The latest in radar-absorbing paint, if it exists in a usable form? Nuclear weapon design details (the important details, not the general info that's already public)? Every detail of the President's personal security? Come on. Some things are relevant enough to the political process that voters must be informed. Other things are not, and secrecy is critically important for some of them.

Holy crap dude - can you understand the difference between understanding what your opponents are up to, and technical details and specs of your gadgetry? One is something that is crucial towards formulating an effective strategy, the other is crucial to formulating battlefield tactics. I'm sure you can figure out which is which.

Dude, it's a Russian firm: it's in Russia's interests to put out information like this. Maybe you didn't know but given the extent of Russia, Iran is in their sphere of influence: it's their back-yard. So they are going to do it. If you want a period of silence of loyalty you better insure the other nation-state doesn't discover the software. I also wouldn't be surprised if this is of great interest to them for having somehow been involved in the nuclear affairs of Iran--they wanted to manage a nuclear powe

Should the details of the latest stealth aircraft technology be publicly disclosed so voters can make informed decisions? The latest in radar-absorbing paint, if it exists in a usable form? Nuclear weapon design details (the important details, not the general info that's already public)? Every detail of the President's personal security? Come on. Some things are relevant enough to the political process that voters must be informed. Other things are not, and secrecy is critically important for some of them.

The answer to the first one anyway is "yes" -- assuming that it's not your country who's working on it. While all the security companies have a US presence, most are global in scope, and a sizeable portion of their customers are not in the US.

Should the details of the latest stealth aircraft technology be publicly disclosed so voters can make informed decisions? The latest in radar-absorbing paint, if it exists in a usable form? Nuclear weapon design details (the important details, not the general info that's already public)? Every detail of the President's personal security? Come on. Some things are relevant enough to the political process that voters must be informed. Other things are not, and secrecy is critically important for some of them.

Ok I'll say it. If you don't want something to go public DON'T post it on the internet.Stealth technology is fucking secret. You don't see the details on the internet do you ?Secret is secret, putting something on the internet is everything except secret.

Liberty is less threatened by foreign evildoers than by domestic injustice. Laws that stack the deck, and laws that are selectively enforced, are what any lovers of freedom should fear.

It's not secret technology that protects us. Freedom's only hope is a people that won't take crap from their government.

I think armed revolution would be a stupid and counterproductive idea. But bloodless or bloody, technical tactical details of the hardware we've bought with our own money could be handy to know.

Of course it's not as simple as I portray it, but progress and freedom depend on transparency, warfare and tyranny depend on secrecy. When so much is secret, even our laws, we must ask ourselves if our priorities are straight.

This is dangerous software designed to attack regular business and users PCs. Once discovered in target countries in will be analysed, edited and returned in spades. So the local populace is largely unaware and defenceless when their computers, networks and bank accounts go down. For once and all cyber warfare is purely a defensive war once bloody morons go on the offensives they will just cripple the systems of people whom they are meant to be protecting.

Given a free choice I doubt the majority of voters would choose either of the two available options. Since realistically those are the only two groups who can win and a vote for anyone else is basically wasted and counts for nothing the only intelligent thing to do is vote for the least bad option.

What's contemptibly stupid is not understanding that the system itself is broken, and people are just trying to make the best of a bad situation. Or do you have a plan you chose not to share with us?

Belgium has a multi-party system and before the elctions there was a voting test (stemtest) if you did not know who to vote for.With several questions about statements and the importance of those statements.

Several politicians who tried it where apparently in the wrong party. That could be explained that they went to a certain party for whatever reason.

Several friends of mine who did the test got to a different party then what they would normally vote for. When I asked them if they would vote for that new party, the answer was mostly no and sometimes, I do not know yet.

When I asked why, the answers where always emotional, not rational. These people were well informed and STILL went with their emotions. Some of them based on fear, others on not wanting to break tradition "because that who they voted for before".

In the last two Canadian elections, our national broadcaster, CBC, put up a "political compass" online survey tool that worked with a similar idea to your stemtest. Instead of the flawed, overly-simplistic left-right wing, they use the more modern (and less-flawed) two-axis grid.

Like your friends, a lot people who took it were placed in a different party than they expected. I don't know if your friends did this, but the comments left on the compass tool accused the producers of rigging it so results more of

Why should they care about 'national intelligence' as it pertains to other countries? They have no duty to protect whoever created this. Hell, until they've done the analysis, they don't even know who the hell it is.

If you have code out there that's an attack vector, it's a vulnerability for everyone. If someone repurposed the attack, it's something which can be exploited.

Do you think people should have laid low on the topic of the Sony rootkit on CDs because, clearly they were justified?

I don't buy your argument -- security researchers are looking for vulnerabilities we could all be subject to.

National intelligence be damned... how the hell are you supposed to know what is being targeted and by whom? Did China write this? The US? Russia? Tuvalu?

That's like saying people should stop worrying if the police are breaking laws because they're doing it for our own good. Then ends don't always justify the means.

There comes a point with even the most successful cyberattack vector-- think stuxnet-- of diminishing returns. Sooner or later the nation under attack is going to wise up and put in place some sort of protection.

However the attacker can change the game and go public just before that point, and do so in a way that can create enough confusion and fud to further damage his opponent. The way the news about stuxnet was dribbled out, with lots of caveats and plausible conspiracy theories, Iran has had to spend a lot more than they had budgeted for on system reviews. And all those Iranian tech people who have been tied up in assuring that military and critical civilian systems are clean-- well, they are no longer available for other pursuits, like refining nuclear detonation models or missile control systems. This is significant: if you can tie up the intellectual resources of a country with a few thousand lines of code, you can bring the development of their war machine to a grinding halt. And do it without anyone having to dodge real bullets.

It is plausible that we are now learning about Flame because its controllers have decided that it is time to go public. Kaspersky might be simply an unwitting player in moving the game to the next level. Or perhaps they are very much in the loop. From the perspective of a third party, it doesn't matter. What matters is that Flame makes it more likely that any clandestine business arrangements with repressive Middle East countries will become public. That shifts the risk - benefit analysis of companies that are thinking about doing business with those governments, and those governments will find some purchases will be harder to make and more expensive.

Of course this post adds to the fud; it suggests a complex conspiracy theory operating on several levels. I can say that I am not a party to such a conspiracy, but most readers would not be able to verify that. I can also say that as I do not much like the current regimes in Iran and Syria, I think it would be a good thing if they had to spend more of their resources on assuring that all their computers were clean of nasty little surprises. It seems to me that talking up the possibility of some kind of international conspiracy of many, many levels would be a good thing, whether it is true or not. Could the intelligence agencies of the USA, UK, Israel, Russia, Denmark (why not Denmark?) and so on have formed their own little Anonymous group? Can you not picture Ninja Hackers in Guy Fawkes masks?

Most US-made products are illegal to be sold to Iran, both export- and import restrictions will apply. Defying such rules guarantees life-long trouble at the airport and when dealing with the government. A Russian antivirus company won't have such problems; theoretically they could be barred from the US and European markets for selling advanced technology to Iran but that seems unlikely at the moment.

Could be a marketing strategy. This kind of stuff is of limited interest to conventional security firms (a focused attack by someone with more resources than you isn't something you can do much about and isn't a very large market) but it does make your company look like they know what they are doing. US and European companies may use different marketing strategies.

No coincidence, but not a conspiracy either. Kaspersky wants to sell protection throughout the Middle East, and this is a great way to market it. The US & European firms know that such a marketing strategy would be a lost cause for them.

It seems those kinds of viruses are going against the trends, which is using social engineering nowadays, and not very sophisticated software. For example, the oh-so-dangerous Chinese hackers mostly use tactics which boil down to sending emails asking you in clever ways to execute the attached exe or to enter your username and password on their website that looks like your legitimate one.

It's refreshing to see a virus which targets, you know, the actual computer instead of the user.

First we got the bomb, and that was good,
'Cause we love peace and motherhood.
Then Russia got the bomb, but that's okay,
'Cause the balance of power's maintained that way.
Who's next?
France got the bomb, but don't you grieve,
'Cause they're on our side (I believe).
China got the bomb, but have no fears,
They can't wipe us out for at least five years.
Who's next?

If it was just espionage and not sabotage they would probably just quietly fix the vulnerabilities and bury the fact that it ever happened as deep as possible, you don't want to publicly admit that critical infrastructure is that vulnerable.
Actual sabotage on the other hand would probably be an entirely different story, at least if enough people got hurt or the sabotage was widespread enough that it could not be covered up, if it can still be covered up then it is in their own interest to quietly cover up

Um, wrong. Where did you get the idea that the US views malware-based foreign espionage as an act of war?

So if important US systems were infested with Iranian-government malware, Congress wouldn't be demanding that Obama bomb Iran this afternoon?

Important US government systems ARE being continuously attacked by Chinese-government actors, and Congress is NOT demanding that Obama bomb China. I don't think the result would be any different if it were Iran doing it (and they're probably trying). "Cyber-warfare" is not real war, and in practice it does not provoke a military response these days. It's happening all the time.

Actually it's funny this is right out of Marxist philosophy which says whoever controls the means of the production are the rulers of that society. Well, over the last 20 years China has pulled in all of the world production so guess what that means? Haha, the Chinese are pretty crafty. If only Americans had read Marx instead of burning it they might have seen it coming.

Actually it's funny this is right out of Marxist philosophy which says whoever controls the means of the production are the rulers of that society. Well, over the last 20 years China has pulled in all of the world production so guess what that means? Haha, the Chinese are pretty crafty. If only Americans had read Marx instead of burning it they might have seen it coming.

Except China does not control the means of production. Apple as well as other have all said they could build stuff in the US, but it isn't as cheap or convenient as doing it in China. Nations such as Korea, Taiwan, and Japan who actually make the parts that China assembles that require skilled workers and much more expensive and long term factories to manufacture are much more in charge of the means of production than the Chinese. Hell, most things made in China we care about are built by Foxconn which is a

You're acknowledging that China has beaten the rest of the world market in labor and production, and that they are now currently producing things for every other country that has become too lazy or constipated to produce on their own. How can you claim that China does not control the means of production? They have controlled it perhaps not by way of force but surely through shrewd dealing and a disinterest in integrity. Notice that we continue to allow China to build for us even though their work is arrogan

Yeah, just like all the spying and such that went on between the US and Soviet Union - everytime someone was caught it ended up in a new world war.

Oh wait no it didn't. Just because the tools changed doesn't mean much else has. This sort of thing has gone on as long as nations have existed (if not longer), and will go on. If any of this is new or exciting for you, you need to get out more.

Enemy nations spy on each other. Friendly nations spy on each other. It's what nations do. It's not a "ZOMG this proves (nation I hate) is evil!" material.

Flame seems to use libraries with permissive licenses only. No hacktivists or cybercriminals would care about this issue, they would use whatever works best.

This leaves governments, they might. Why? Because if it ever becomes known who actually made it, that party would need to release all of the sources, had they used libraries under some copyleft license! Why? Well, whoever made Flame has already obviously distributed binaries, so suing for copyleft violation would happen in court, and it would be many people suing, especially the counterparty is the government. It would be a PR disaster, and to risk that on an election year? No way.

Also, Flame requires a considerable infrastructure to store and analyze the spied information. Which governments would be capable of pulling this off? All the big ones with a lot of money to spend: China, Russia, Great Britain, France, USA, Japan,...

So, which government cares a lot about intellectual property? China? Nope. Russia? Nope. Great Britain - well, yeah. Personally, I don't think it was Great Britain. It would be enlightening to check the Flame Lua-parts (or other plaintext in the main Flame) for spelling of -ise vs. -ize. I bet there's -ize and not -ise.

It is said that Stuxnet and Flame share similar 0-day holes. The nation which developed Stuxnet is Israel and they have a strong history of military and intelligence collaboration with USA. Israel would not have had the capability or capacity to run two such parallel programs on its own.

So who HAS likely NOT made Flame? Drop the nations which are one way or another unlikely candidates, and only one name is really left.

So, who made Flame?USA made Flame. This is what I think. What's your analysis?

Last time I looked both Britain and France were saving all the money they could just to try and stay afloat, so probably not them for that reason alone - although nations have a habit of spending insane money on such matters even as they sink under a sea of debt...

the important somewhat scary question: how does Kaspersky accumulate so much sensitive data?

Think about it. We're talking about personal computers in the middle east. We're talking about some kind of top-shelf spyware. So where does Kaspersky pull their data from?

I think cyberweapons could be seen as useful to computer defense companies. Since I can remember, programmers interested in viruses and virus defense have been apt to bring up the question, "why shouldn't we infect everybody's computer with the latest virus scanner in the form of a virus? Why leave it this voluntary thing?"

Obivously Kaspersky and any other computer virus defense company could benefit from spreading a virus that allows them to actively scan the contents of a computer's drive or memory, if they are looking across a huge geography for a specific signature. They could benefit even more if the virus allowed them to attach modules that will tell them if the cyberweapon attempts to contact other computers either to spread or to report back, because this would allow them to quickly and easily build a vector map.

Which leads me to ask how they get their data in the first place. It's not like they are paying off all the Geek Squads in the Middle East, to send them copies of the entire contents of any drives brought in as having "problems". So how are they discovering threats in the first place, and how can they write paragraphs such as this one:

"According to our observations, the operators of Flame artificially support the quantity of infected systems on a certain constant level. This can be compared with a sequential processing of fields â" they infect several dozen, then conduct analysis of the data of the victim, uninstall Flame from the systems that arenâ(TM)t interesting, leaving the most important ones in place. After which they start a new series of infections."

This suggests that they have become intimately knowledgable about the owners of the infected machines, whether or not those owners are persons of interest, and know seemingly just about as much as the owners of the cyberweapon know. So where is the line drawn, to distinguish between threat and defense??

TFA purports that somebody wrote a bunch of code that is a virus, trojan, malware and toaster driver all at once. Nobody knows who did it or why, but they must be very smart. It hijacks data, voice, video and neural transmissions and appears to be able to perform telekinesis. It was likely written sometime after 1996 and before 2021.

It's big.. Really big. So big that it would fit on any USB drive or email attachment created since, well, 1996.

It's smart. Really smart. So smart that it's going to take us literally months of press reports to get it out.

It goes after the Usual Suspects. It may or may not be related to Stuxnet, tilde, Steven P. Jobs or George Bush (either or both of them).

For some strange reason, the coders wrote the thing pretty much unobfuscated. Except that unobfuscated isn't a word.

its complexity, the geographic scope of its infections and its behavior indicate strongly that a nation-state is behind Flame, rather than common cyber-criminals â" marking it as yet another tool in the growing arsenal of cyberweaponry.

What I don't understand is why a massive and technically complex piece of malware necessarily has to be written by a "nation-state"? There are no really smart hackers around that might want to do something like this for the challenge? One might think that a smart hacker might want to point the smoking gun in a different direction?

I think it is both a matter of money and resources. A "nation-state" has as much money as anyone can, and they also can place moles/agents in a lot of places where your average, even "smart", hacker would shit his pants. Not only that, a lone man can only do so much

You can tell a lot about who made this thing by looking at who it's targeting: Iran, Palestine, Syria, Lebanon, Eygpt, Saudi Arabia... it's practically a Who's Who of Israel's enemies and potential enemies. If you look at the map in the article, you can see all the infected countries in red, and smack dab in the middle of all of them is Israel. Israel also has some of the most advanced cyberwarfare capabilities in the world, so when you see an extremely sophisticated piece of malware, they should be at the

because the average cyber criminal is gonna go after a large target because like all criminals they are lazy and want the most bang for their time, whereas these things are HIGHLY specialized, with Stux it was specialized to the point of absurdity, so while your average or even smart cyber criminal isn't gonna bother attacking a system with such a small target area and which takes more work than say...ohh...fooling someone with an SMS scam nations on the other hand that want to fuck something specific up wi

In either case it simply makes no sense for anyone OTHER than a nation to have something like this built. look at Stux, last estimate i saw said there was MAYBE 25,000 machines on the planet that would fit the target profile, hell there are probably more Win2K machines still on the net than that and any halfway successful Android or Windows malware can easily get 10 times that much.

In the end a cybercriminal is like any other criminal, they want the biggest haul for the shortest amount of work. These thin

In the case of Stuxnet, your average hacker doesn't have access to nuclear centrifuge controllers to develop and debug on. For code that is as finely tuned as it was, you need a development lab that includes the target systems or at least true simulations thereof.

For something like Flame, with it being as targeted as it is, you'd expect something similar.

I think the issue is that the more complex and sophisticated an attack, the more people you need, and then you run into an additional problem - for a criminal enterprise, the more people are involved, the more likely it is to be caught, either through carelessness or snitches.

So the "nation-state's backing" doesn't have to mean that a country's intelligence service is actively doing something, but just that they are sheltering and giving legal immunity to a group of civilian blackhats. And maybe free Mounta

And don't forget that the research shop that discovered it is headed by a guy who is a vocal proponent of having an Internet Police and absolutely no anonymity. Don't get me wrong, Kaspersky is a really good malware research team with a really good product, but I stopped buying their products as soon as I heard the CEO make those ridiculous statements.

Two words: Impossible.
I don't believe that a backwater like Sudan has 32 computers, nevermind 32 stuxnet infections, unless maybe these are real viral infections of decimated cattle. So that map and analysis looks like total bulldust to me.

Two words: Impossible.
I don't believe that a backwater like Sudan has 32 computers, nevermind 32 stuxnet infections, unless maybe these are real viral infections of decimated cattle. So that map and analysis looks like total bulldust to me.

I know you've got your tongue at least near your cheek, but I worked there a few years ago. They do have computers. The more reputable multinationals were running linux and StarOffice, due to US embargo Microsoft wasn't allowed to sell there. Given the rather not-ready-for-prime-time condition of Star Office in the mid-90s, people did complain and I expect productivity suffered. The embargo also meant that Visa, MasterCard and Amex couldn't operate there, so everything was done with cash. It was a litt

Yes it is clearly not in the best interest of the intelligence community to be discovered with whatever plot they're currently plotting away at. On the other hand Kaspersky wants profit, being the first to report on something like this will likely gain them space in the spotlight for the moment at least which translates to profit, so it is probably not in the best interest of Kaspersky to comply with the intelligence community's need for obscurity unless they pay them enough enough(or use some less pleasant means of coercion).

On the other hand Kaspersky wants profit, being the first to report on something like this will likely gain them space in the spotlight for the moment at least which translates to profit...

Profit? If I had been a victim of this malware I'd be pretty pissed at Kaspersky since I'd definitely prefer to keep a very tight lid on this. There is great value in using a tool like this, once it has been discovered, to feed it's operator (presumably the Mossad) a big and steaming pile of plausible bullshit.

The whole loose lips sink ships debate is mooted in the face of the liberal hacker community. Hackers talk about every threat not for pride or profit but because it's a Darwinian thing: if a threat is discovered, it's obviously no longer (or not much longer) a real threat, so you might as well out it. Meanwhile, threats are competitors. Don't you think it's suspicious enough that some company profits from protecting you from viruses?

Yes all true but why exactly would Kaspersky give a rat's ass about whether you want the malware to become public or not? It is in their direct interest to be the first to bring these things public so why would they keep quiet unless you give them some sort of incitement to do so?

They have absolutely no obligation to listen to nor obey your wishes unless you happen to be their government(and there are laws which enable you to enforce their silence)

Think about it: this may well be a war, an agreessive confilct between twonations, one of which has nuclear weapons, and the other is close. And how many casualties so far? How many cities levelled? This is a good weapon, as weapons go!

Sure, eventually we'll be attacked by the same, and there will be casualties, but it somehow seems less dangerous to civilians than dropping skyscrapers.

For real? Do you think Khamenei will, someday, wake up, drink his coffee and say "What a nice day! I'll deploy the long-range missile technology I don't have to blow up a location half the planet away from me, just because Rush Limbaugh said I probably would do it."?

No but to play devil's advocate here it is far more likely they would lob one at Israel. When that happens, because of treaties we have with them (lots of Jewish folk here to push it through), we would be at war with whoever did attack Israel. It's the same situation with North and South Korea.

I'm sure I never said that. I don't think I ever implied that. Israel is a nuclear power engaged in low-level conflict with Iran. There's a war of assassination and proxy (and likely malware) going on between those nations.

Wow, do you have some cartoon charicature conservative in you head, and whenever anyone says somehting you don't agree with, you just assign that stereotype and all it's beliefs to the speaker? Trying to understand the actual arguments being made is a much better way to go through lif

You obviously didn't RTFA, because if you would have, you would have noticed this sentence.

Kaspersky discovered the malware about two weeks ago after the United Nations' International Telecommunications Union asked the Lab to look into reports in April that computers belonging to the Iranian Oil Ministry and the Iranian National Oil Company had been hit with malware that was stealing and deleting information from the systems.

Why do you jump to the conclusion that if it is targeting Iran it must be a good thing? Do you ever question what you see in the media? What if it was written by programmers hired by wall streeters that were trying to gain an upper hand on the oil market, thereby basically stealing money from the Iranians and from you? Still a good thing? This is probably not the case, but that's just it: until we find out all of the details we need to keep our minds open and quizzical, and question who is feeding us what bullshit and why.

Propaganda is getting more and more sophisticated; it is coming at you from all directions. I'm not saying be paranoid, just to realize that most media that gets presented to you has a purpose. Once in a while see if you can divine that purpose.

I do not parrot what the media says but the timing is right for a preemptive disruption of Iran's nuclear capabilities. Sure, it could be Wall Streeters but then isn't it you who believe everything you hear in the media (e.g. Wall Street = bad, fat cats, etc.)? They can make plenty of money without this conspiracy...and the last time this was done a couple years ago it was deemed to be state sponsored, not a private company or organization. I'd rather stick to my theory than your made up theory, though y

Since Iran support/sponsors terrorists and has enough nuclear material to make an estimated five nuclear weapons (although the material may be slightly too crude to weaponize at the moment),

I'd bet the malware was developed either in Israel or the USA...probably Israel with USA support. This could create problems but I think this is a good move.

I think you should work on your premise there. I don't know which terrorists you speak of. The US and Isreal support terrorists ("freedom fighters") when it is in their interest. Both have large amounts of nuclear weapons. Aren't you applying double standards here? How do you know Iran are the evil guys here (just because they are being portrayed as such in the media)? Iranian leadership is whacky, but it isn't warmongering.